...

The Use of SAML V2.0

Participation in the InCommon Identity Assurance Program requires the use of SAML V2.0 Web Browser SSO. IdP and SP operators should plan to upgrade to SAML V2.0 as soon as possible.

SAML V2.0 Support for Assurance

SAML's support for identity assurance is embodied in a concept called "Authentication Context". The context of an authentication event is designed to capture both technical and procedural elements that factor into the "confidence" expressed by the identity provider in the event. In terms of assurance, this maps to the concepts of technical strength and identity proofing strength that make up an assurance profile.

...

Thus, we expect assurance deployment to be gradual, and we will continue to evolve documentation to reflect what we learn. We also encourage deployers to talk to their software suppliers about the support (or lack thereof) of these features.

IAQs in Metadata

InCommon Operations will add identity assurance qualifiers (IAQs) to published metadata following notification of certification by InCommon management. IAQs will be added to the appropriate IdP entity descriptor of the certified IdP operator (IdPO).

...

Note that all of the above URIs will most likely resolve to actual web pages at some point.

Technical Details

The following extension is the immediate child element of the IdP's <md:EntityDescriptor> element in metadata:

...

For convenience, we provide a set of (suitably modified) schema files that permit offline schema validation.

SP Behavior

See: Assurance - Service Provider Behavior.

IdP Behavior

See: Assurance - Identity Provider Behavior.

References

...